Chapter 1: Features Overview26 SmartSwitch Router 2000 Getting Started GuideIPX RoutingThe SSR 2000 supports the following IPX routing protocols:• IPX RIP – a version of the Routing Information Protocol (RIP) tailored for IPX• IPX SAP – the Service Advertisement Protocol, which allows hosts attached to an IPXnetwork to reach printers, file servers, and other servicesBy default, IPX routing is enabled on the SSR 2000 when an IPX interface is created.Layer-4 SwitchingIn addition to Layer-2 bridging and Layer-3 routing, the SSR 2000 performs Layer-4switching. Layer-4 switching is based on applications and flows.• Layer-4 applications – The SSR 2000 understands the application for which an IP orIPX packet contains data and therefore enables you to manage and control traffic on anapplication basis. For IP traffic, the SSR 2000 looks at the packet’s TCP or UDP portnumber to determine the application. For IPX packets, the SSR 2000 looks at thedestination socket to determine the application.• Layer-4 flows – The SSR 2000 can store Layer-4 flows in each expansion module. ALayer-4 flow consists of the source and destination addresses in the IP or IPX packetcombined with the TCP or UDP source and destination port number (for IP) or thesource and destination socket (for IPX). You can therefore manage and controlindividual flows between hosts on an individual application basis.A single host can have many individual Layer-4 entries in the SSR 2000. For example, anIP host might have separate Layer-4 application entries for email, FTP, HTTP, and so on, orseparate Layer-4 flow entries for specific email destinations and for specific FTP and Webconnections.SecurityThe bridging, routing, and application (Layer-2, Layer-3, and Layer-4) support describedin previous sections enables you to implement security filters that meet the specific needsof your organization. You can implement the following types of filters to secure traffic onthe SSR 2000:• Layer-2 source filters (block bridge traffic based on source MAC address)• Layer-2 destination filters (block bridge traffic based on destination MAC address)• Layer-2 flow filters (block bridge traffic based on specific source-destination pairs)• Layer-3 source filters (block IP or IPX traffic based on source IP or IPX address)• Layer-3 destination filters (block IP or IPX traffic based on destination IP or IPXaddress)